You are not logged in.
- Topics: Active | Unanswered
#1 2018-10-26 01:36:23
- Altoid
- Member
- Registered: 2017-05-07
- Posts: 1,581
Heads up: X Server exploit CVE-2018-14665
Hello:
I have not seen this posted in the Dev1 forum yet but if it this is the wrong place, please move it as necessary.
A two year old X Server vulnerability has seen the light, reported by Narendra Shinde and Red Hat a couple of days ago, it's CVE-2018-14665.
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Here's an article about it from The Register:
https://www.theregister.co.uk/2018/10/2 … erability/
Here's the cve entry:
https://cve.mitre.org/cgi-bin/cvename.c … 2018-14665
Here's a link to a gitlab post:
https://gitlab.freedesktop.org/xorg/xse … 7c86fe330e
Apparently, it does not affect those of us using a display manager to start an X session, so I guess most of us are covered (?).
In any case, I guess a patch/update should be forthcoming soon.
Cheers,
A.
Offline
#2 2018-10-26 15:06:24
Re: Heads up: X Server exploit CVE-2018-14665
In any case, I guess a patch/update should be forthcoming soon.
Hello. Security updates for this vulnerability already in the mirrors. Just run
apt updateand
apt upgradeWhat economists call over-production is but a production that is above the purchasing power of the worker, who is reduced to poverty by capital and state.
----+- Peter Kropotkin -+----
Offline
#3 2018-10-26 16:09:46
- Altoid
- Member
- Registered: 2017-05-07
- Posts: 1,581
Re: Heads up: X Server exploit CVE-2018-14665
Hello:
Security updates for this vulnerability already in the mirrors.
Indeed ...
Saw it not 15' after I posted.
Fast as lightning. =-)
A big Thank You! to the maintainers.
Cheers,
A.
Offline
